Dammit. Despite thinking of myself as someone careful about these things, my web server was hacked earlier this morning. It’s my own fault though, as I’ve been getting a bit sloppy. I tested out AWStats a while back, left it installed, forgot about it, didn’t keep it updated, and of course the hack was then done through an AWStats flaw…
What I should have done was either 1) not have kept it installed, 2) placed a password check on it, 3) joined the AWStats announcements list, where I would have gotten a notice about the flaw earlier, or 4) used a distro where it would have been part of the standard packages and automatically updated.
Oh well. Fortunately, since I watch logs like a hawk, I noticed it and shut it down within 15 minutes of the initial break. Since the web server runs as ‘nobody’ it couldn’t actually damage anything; it just kicked off a script to port scan other systems. It’s still depressing to realize that you’ve helped make the problem worse though, even by only a little, and if I can’t find the time to admin this properly, maybe it’s not worth the hassle.
Ya know… I haven’t done squat to AWStats since I first installed it, and I haven’t seen any evidence of tampering as of yet. Since I didn’t know about this either, there’s an upgrade going on as I write this.
I doubt it’s much of a consolation, but I have the time and the ability, and I don’t really admin my server by the book either. I know I should, but Unix has a history of taking care of itself so well for me, I tend to get lazy about it. ;-)
If ya want my $0.02 (and I rather imagine I’m charging too much sometimes :-) ), I wouldn’t let small snags on your line sway you too much. We’re in an era where this kinda thing is way too common, and you could have caught it a lot later than ya did.
Oh, and pardon the fishing analogy. :-)
ADDENDUM:
I guess I should have stuck with the previous version of AWStats… Did the update, and now I can’t make Apache display it unless I mangle the paths and URL — and when I do so none of it displays correctly or uses any of the icons and other resources AWStats has.
What a waste of time. :-P